June 21, 2007

Calling Socialtext Open Source

Michael Tiemann, President of the Open Source Initiative (OSI), takes a strong stand that unless a company uses an OSI-approved license they should not call themselves open source. Technically, nobody owns the open source trademark, it is a common mark that anyone can use and modify how they see fit. The community has a process with OSI that if followed lets a company use the OSI Certified mark. If someone doesn't follow this process in using an approved license or getting theirs approved, they don't have the right to use the mark. If they use the mark anyway, they will be both shamed by the community and potentially sued. But that's technically. Michael is suggesting that OSI and the community should defend the term open source, even through it doesn't have the legal means to do so.

So here’s what I propose: let’s all agree–vendors, press, analysts, and
others who identify themselves as community members–to use the term
‘open source’ to refer to software licensed under an OSI-approved
license. If no company can be successful by selling a CRM solution
licensed under an OSI-approved license, then OSI (and the open source
movement) should take the heat for promoting a model that is not
sustainable in a free market economy. We can treat that case as a bug,
and together we can work (with many eyes) to discern what it is about
the existing open source definition or open source licenses made CRM a
failure when so many other applications are flourishing. But just
because a CEO thinks his company will be more successful by promoting
proprietary software as open source doesn’t teach anything about the
true value of open source. Hey–if people want to try something that’s
not open source, great! But let them call it something else, as
Microsoft has done with Shared Source. We should never put the customer
in a position where they cannot trust the term open source to mean
anything because some company and their investors would rather make a
quick buck than an honest one, or because they believe more strongly in
their own story than the story we’ve been creating together for the
past twenty years. We are better than that. We have been successful
over the past twenty years because we have been better than that. We
have built a well-deserved reputation, and we shouldn’t allow others to
trade the reputation we earned for a few pieces of silver...

Open Source has grown up. Now it is time for us to stand up. I believe
that when we do, the vendors who ignore our norms will suddenly
recognize that they really do need to make a choice: to label their
software correctly and honestly, or to license it with an OSI-approved
license that matches their open source label. And when they choose the
latter, I'll give them a shout out, as history shows.

I applaud Michael's stand, as this kind of leadership helps move some core issues forward. Socialtext has advocated that commercial open source companies should follow the OSI process and gain OSI Certification, as we are. I've said that we won't use the OSI Certified mark until we have earned it, but use the term open source. However, while this is technically correct, I'm concerned about the unfolding rift in the community.

I am to blame for part of it. When we submitted the Generic Attribution Provision (GAP) to OSI back in November we tried to both gain certification for an MPL+Attribution license, and do so in a non-standard way. We sought to have attribution be a provision you could add to any of the 50+ approved licenses that allowed for extension. While this might result in a more favorable taxonomy of available licenses and make license proliferation more future proof, we didn't follow the process correctly and submit a complete license. We then took too long to draft and submit the Socialtext Public License (STPL) in March. When OSI was going to vote upon it this month, we didn't have enough time to incorporate feedback, test the draft of the Common Public Attribution License (CPAL) against our own goals and have time for the OSI-discuss mailing list to vet it. Sure, OSI itself could have moved the process forward, but ultimately I could have driven it better. Approximately 40 companies use similar licenses without following this process and are looking to us for leadership. I'm not certain how many will adopt CPAL if approved, but I have a role in why there is no conclusion to certifying an attribution license, yet.

Most of our developers have a long track record in open source. Having things take so long and with less than perfect execution effects them personally. Which brings me to the point of Michael's post, on using the term open source. We've had a lot of conversation within our company wiki about this over the past few months. Casey West, in particular, took me to task for us taking the position of using the term open source, but not the mark OSI Certified. Technically, I'm not sure what we should call ourselves right now. We are following the process and have committed to using an OSI approved license one way or another (if ours is not approved, we will adopt an approved one, even at commercial cost). Even edits on our Wikipedia page, from friends of ours, say we are not open source.

So what I'd like to hear from the community is what we should call ourselves. If the consent of the community isn't open source, but to use a different term, I'll edit our site and wiki appropriately. It should be a short term monkier for us, but I believe it is our responsibility if we want to be part of the larger open source community.

Comments

Calling Socialtext Open Source

Michael Tiemann, President of the Open Source Initiative (OSI), takes a strong stand that unless a company uses an OSI-approved license they should not call themselves open source. Technically, nobody owns the open source trademark, it is a common mark that anyone can use and modify how they see fit. The community has a process with OSI that if followed lets a company use the OSI Certified mark. If someone doesn't follow this process in using an approved license or getting theirs approved, they don't have the right to use the mark. If they use the mark anyway, they will be both shamed by the community and potentially sued. But that's technically. Michael is suggesting that OSI and the community should defend the term open source, even through it doesn't have the legal means to do so.

So here’s what I propose: let’s all agree–vendors, press, analysts, and
others who identify themselves as community members–to use the term
‘open source’ to refer to software licensed under an OSI-approved
license. If no company can be successful by selling a CRM solution
licensed under an OSI-approved license, then OSI (and the open source
movement) should take the heat for promoting a model that is not
sustainable in a free market economy. We can treat that case as a bug,
and together we can work (with many eyes) to discern what it is about
the existing open source definition or open source licenses made CRM a
failure when so many other applications are flourishing. But just
because a CEO thinks his company will be more successful by promoting
proprietary software as open source doesn’t teach anything about the
true value of open source. Hey–if people want to try something that’s
not open source, great! But let them call it something else, as
Microsoft has done with Shared Source. We should never put the customer
in a position where they cannot trust the term open source to mean
anything because some company and their investors would rather make a
quick buck than an honest one, or because they believe more strongly in
their own story than the story we’ve been creating together for the
past twenty years. We are better than that. We have been successful
over the past twenty years because we have been better than that. We
have built a well-deserved reputation, and we shouldn’t allow others to
trade the reputation we earned for a few pieces of silver...

Open Source has grown up. Now it is time for us to stand up. I believe
that when we do, the vendors who ignore our norms will suddenly
recognize that they really do need to make a choice: to label their
software correctly and honestly, or to license it with an OSI-approved
license that matches their open source label. And when they choose the
latter, I'll give them a shout out, as history shows.

I applaud Michael's stand, as this kind of leadership helps move some core issues forward. Socialtext has advocated that commercial open source companies should follow the OSI process and gain OSI Certification, as we are. I've said that we won't use the OSI Certified mark until we have earned it, but use the term open source. However, while this is technically correct, I'm concerned about the unfolding rift in the community.

I am to blame for part of it. When we submitted the Generic Attribution Provision (GAP) to OSI back in November we tried to both gain certification for an MPL+Attribution license, and do so in a non-standard way. We sought to have attribution be a provision you could add to any of the 50+ approved licenses that allowed for extension. While this might result in a more favorable taxonomy of available licenses and make license proliferation more future proof, we didn't follow the process correctly and submit a complete license. We then took too long to draft and submit the Socialtext Public License (STPL) in March. When OSI was going to vote upon it this month, we didn't have enough time to incorporate feedback, test the draft of the Common Public Attribution License (CPAL) against our own goals and have time for the OSI-discuss mailing list to vet it. Sure, OSI itself could have moved the process forward, but ultimately I could have driven it better. Approximately 40 companies use similar licenses without following this process and are looking to us for leadership. I'm not certain how many will adopt CPAL if approved, but I have a role in why there is no conclusion to certifying an attribution license, yet.

Most of our developers have a long track record in open source. Having things take so long and with less than perfect execution effects them personally. Which brings me to the point of Michael's post, on using the term open source. We've had a lot of conversation within our company wiki about this over the past few months. Casey West, in particular, took me to task for us taking the position of using the term open source, but not the mark OSI Certified. Technically, I'm not sure what we should call ourselves right now. We are following the process and have committed to using an OSI approved license one way or another (if ours is not approved, we will adopt an approved one, even at commercial cost). Even edits on our Wikipedia page, from friends of ours, say we are not open source.

So what I'd like to hear from the community is what we should call ourselves. If the consent of the community isn't open source, but to use a different term, I'll edit our site and wiki appropriately. It should be a short term monkier for us, but I believe it is our responsibility if we want to be part of the larger open source community.